Malware

New Rust-based RAT named LabubaRAT impersonates NVIDIA software

Privacy concept: pixelated words Malware on digital background, 3d render

The Hacker News reports that a new, previously undocumented remote access trojan (RAT) written in Rust and codenamed LabubaRAT has been identified. This malware is designed to disguise itself as legitimate NVIDIA software, allowing it to blend seamlessly into target systems and establish a persistent foothold for attackers.

LabubaRAT operates by impersonating NVIDIA's container runtime toolkit, using an executable named "nvidia-sysruntime.exe." Instead of hardcoding its command-and-control (C2) server details, it accepts this crucial information via command-line arguments, which can be configured at runtime. This flexibility allows attackers to reuse the same compiled binary across different campaigns and targets. The malware then stores this configuration in a local SQLite database and proceeds to profile the host. It identifies installed web browsers and security products, including major antivirus solutions like Microsoft Defender, CrowdStrike, and SentinelOne, as well as gathering system information such as hostname, RAM, CPU model, and User Account Control (UAC) status.

Once deployed, LabubaRAT offers a comprehensive set of functionalities, including command execution, file transfer, screenshot capture, and SOCKS5 proxy support. It supports multiple communication methods like HTTPS, WebView2, and DNS tunneling, making it difficult to disrupt. Evidence suggests LabubaRAT may be offered as a malware-as-a-service (MaaS).

Source: The Hacker News

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds